Shibboleth and e-journal access: case studies

There is only one UK implementation of shibbolised access to e-journals which has been written up (Section 4.1). However, the JISC funded Core Middleware[19] Development programme (of which this project is a part) will investigate uses of Shibboleth and explore ways of extending the Shibboleth architecture, for example to incorporate more sophisticated digital rights management capabilities.

Athens, which was designed for use with digital libraries, has been successfully integrated with local institution authentication schemes (this variant of Athens is described as AthensDA, or Athens with Devolved Authentication) and allows integration of an institution's learning environment with that institution's external electronic subscriptions. The JISC believes that the same degree of integration, or better, will be possible with Shibboleth but a number of the key concepts, such as the Internet2-MACE CourseID[20] parameter definition, have not to date been tested in production use. In 2005, Athens will extend the functionality of its AthensDA software to incorporate the Shibboleth architecture and in particular the SAML protocol for attributes. This work will be developed under the aegis of the JISC Core Middleware Infrastructure programme.


The LSE Library has over 3,000 e-journal subscriptions. At the moment, the licensing and access information attached to LSE electronic resources is somewhat dispersed. In part due to its size and number of users, the LSE library has proved to be a difficult operational testbed. Changes to instructions to users, such as how to login, are only changed once a year, so development projects such as SECURE have to fit with this schedule.

The SECURe project implemented Shibboleth for cross-domain access management; initially (from January 2004) LSE users accessed e-journals in the Jstor repository via a Shibbolised channel, instead of Athens mediated access to a UK mirror of the repository. Jstor has been one of the service providers participating most actively in Shibboleth development, amongst their motives being a reluctance to continue the costly practise of maintaining mirror repositories in the UK and other places, and a recognition that the widespread use of insecure IP proxies by universities (to enable access for off-campus users) was responsible for significant ‘leakage’ of resources to unlicensed users. MIMAS, a JISC data centre, hosts the Jstor mirror in the UK. Although the Shibboleth connection has been operational, there have not been a lot of users for the service.


The National Science Digital Library is using Shibboleth for authentication and authorization to resources available via the NSDL portal that are restricted to certain audiences.

Users register and login to the NSDL through the Access Management System developed by Core Integration partners at Columbia University. The system enables federated identity management allowing web content providers to establish relationships with subscribers on an individual, institutional, or other basis. Subscribers can locally manage their personal or institutional data.

In the first release of the NSDL, content providers (origin sites) and subscribers (target sites) must have a pre-existing peer relationship. To develop a Library with the depth and breadth of resources required by teachers and students the NSDL will continue to develop an Access Management System that provides benefits for both users and information providers. A growing variety of content that is both open to users and protected by content providers will create a Library that meets the science, technology, engineering and mathematics educational needs of students and teachers.


The Swiss team do not to date (June 2005) have success stories to report regarding access to e-journals using Shibboleth. That is mainly for two reasons:

  • It has taken SwitchAAI much longer to get the federation member service agreement finalised than anticipated. That was a pre-requisite before putting the federation partner agreement together which is a pre-requisite for adding external partners to the Federation like e-publishers. This should be finalised by end June 2005 so that SwitchAAI can contact publishers.

  • The other route followed by SwitchAAI is with EZproxy[21], which is now shibbolized, but that activity only started in June 2005. The server has been set up and will be configured by July 2005.


In the US, within the InCommon Federation, ScienceDirect (which offers Elsevier content) is operational. Initially, the implementation on ScienceDirect was piloted with selected universities from the InCommon Federation. From December 2004 utilisation of Shibboleth software has meant that users from all InCommon universities and colleges can now benefit from remote off-campus access to ScienceDirect without additional administration by participating institutions.